Bug#828577: The patch is upstream

2017-01-20 Thread Hon Ching(Vicky) Lo 
Hi Pierre,


Are there any problems for releasing the tpm-tools 1.3.9?  As we last
discussed, tpm-tools should work with openssl 1.1. if you could just
disable the PKCS#11 support, which has been obsolete and yet Debian
turned on by default.  Please let me know if I can assist.


Ubuntu would like to get the most up-to-date tpm-tools in the coming
release, and Ubuntu can't inherit that if Debian doesn't release
the package before release freeze..



Regards,
Vicky

Bug#828577: The patch is upstream

2016-12-14 Thread Dimitri John Ledkov 
On Tue, 06 Dec 2016 17:38:01 -0500 "Hon Ching(Vicky) Lo"
 wrote:
> On Sun, 2016-11-20 at 18:04 +0100, Pierre Chifflier wrote:
> > On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote:
> > > On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> > > > Hi
> > > >
> > > > The patch is upstream:
> > > > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> > > >
> > > >
> > > > Thanks,
> > > > Vicky
> > >
> > > The patch above is based off the latest code in tpm-tools 1.3.9.  Please
> > > rebase to tpm-tools 1.3.9 to pick up the patch instead.  Thanks!
> > >
> >
> > Hi,
> >
> > Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails
> > with the following error:
> >
> > gcc -DHAVE_CONFIG_H -I. -I../..  -I../../include -D_LINUX -Wdate-time 
> > -D_FORTIFY_SOURCE=2  -g -O2 
> > -fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. 
> > -fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall 
> > -Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare 
> > -c -o data_import.o data_import.c
> > data_import.c: In function ‘readX509Cert’:
> > data_import.c:375:26: error: dereferencing pointer to incomplete type 
> > ‘EVP_PKEY {aka struct evp_pkey_st}’
> >   if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
> >   ^~
> > In file included from /usr/include/openssl/asn1.h:24:0,
> >  from /usr/include/openssl/rsa.h:16,
> >  from data_import.c:34:
> > data_import.c: In function ‘createRsaPubKeyObject’:
> > data_import.c:694:34: error: dereferencing pointer to incomplete type 
> > ‘RSA {aka struct rsa_st}’
> >   int  nLen = BN_num_bytes( a_pRsa->n );
> >   ^
> > Makefile:524: recipe for target 'data_import.o' failed
> >
> > OpenSSL decided not to allow access to these fields anymore. At this
> > point, I have no idea on how to fix this.
> >
> > Best regards,
> > Pierre
> >
> Hi Pierre,
>
>
> OpenCryptoki builds the TPM token that can communicate with a TPM.
> Thus, the PKCS#11 support in tpm-tools wasn't necessary.  The build
> in version 1.3.9 does not include the pkcs#11 support by default.
> If Debian enables that support by default, please disable it.
>

I have cherry-picked upstream patches for opencryptoki into
experimental and it builds against openssl 1.1 there.
Could you please update tpm-tools to 1.3.9 in experimental, and if
everything buids and is fine it should be good to go into unstable
too, no?
Or is there more porting to do in the optional code?

Note, Debian by default, enables as many features in packages as
practically useful and possible. Why should we regress feature parity
in the new release?

Regards,

Dimitri.

Bug#828577: The patch is upstream

2016-12-06 Thread Hon Ching(Vicky) Lo 
On Sun, 2016-11-20 at 18:04 +0100, Pierre Chifflier wrote:
> On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote:
> > On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> > > Hi
> > > 
> > > The patch is upstream:
> > > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> > > 
> > > 
> > > Thanks,
> > > Vicky
> > 
> > The patch above is based off the latest code in tpm-tools 1.3.9.  Please
> > rebase to tpm-tools 1.3.9 to pick up the patch instead.  Thanks!
> > 
> 
> Hi,
> 
> Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails
> with the following error:
> 
> gcc -DHAVE_CONFIG_H -I. -I../..  -I../../include -D_LINUX -Wdate-time 
> -D_FORTIFY_SOURCE=2  -g -O2 
> -fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. 
> -fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall 
> -Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare 
> -c -o data_import.o data_import.c
> data_import.c: In function ‘readX509Cert’:
> data_import.c:375:26: error: dereferencing pointer to incomplete type 
> ‘EVP_PKEY {aka struct evp_pkey_st}’
>   if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
>   ^~
> In file included from /usr/include/openssl/asn1.h:24:0,
>  from /usr/include/openssl/rsa.h:16,
>  from data_import.c:34:
> data_import.c: In function ‘createRsaPubKeyObject’:
> data_import.c:694:34: error: dereferencing pointer to incomplete type ‘RSA 
> {aka struct rsa_st}’
>   int  nLen = BN_num_bytes( a_pRsa->n );
>   ^
> Makefile:524: recipe for target 'data_import.o' failed
> 
> OpenSSL decided not to allow access to these fields anymore. At this
> point, I have no idea on how to fix this.
> 
> Best regards,
> Pierre
> 
Hi Pierre,


OpenCryptoki builds the TPM token that can communicate with a TPM.
Thus, the PKCS#11 support in tpm-tools wasn't necessary.  The build
in version 1.3.9 does not include the pkcs#11 support by default.
If Debian enables that support by default, please disable it.


Thanks,
Vicky

Bug#828577: The patch is upstream

2016-11-20 Thread Pierre Chifflier 
On Thu, Nov 17, 2016 at 07:47:56PM -0500, Hon Ching(Vicky) Lo wrote:
> On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> > Hi
> > 
> > The patch is upstream:
> > https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> > 
> > 
> > Thanks,
> > Vicky
> 
> The patch above is based off the latest code in tpm-tools 1.3.9.  Please
> rebase to tpm-tools 1.3.9 to pick up the patch instead.  Thanks!
> 

Hi,

Version 1.3.9 does not fix the build with OpenSSL 1.1. It still fails
with the following error:

gcc -DHAVE_CONFIG_H -I. -I../..  -I../../include -D_LINUX -Wdate-time 
-D_FORTIFY_SOURCE=2  -g -O2 
-fdebug-prefix-map=/home/pollux/DEBIAN/TPM-TOOLS/tpm-tools=. 
-fstack-protector-strong -Wformat -Werror=format-security -m64 -Wall 
-Wno-unused -Wno-implicit-function-declaration -Wreturn-type -Wsign-compare -c 
-o data_import.o data_import.c
data_import.c: In function ‘readX509Cert’:
data_import.c:375:26: error: dereferencing pointer to incomplete type ‘EVP_PKEY 
{aka struct evp_pkey_st}’
  if ( EVP_PKEY_type( pKey->type ) != EVP_PKEY_RSA ) {
  ^~
In file included from /usr/include/openssl/asn1.h:24:0,
 from /usr/include/openssl/rsa.h:16,
 from data_import.c:34:
data_import.c: In function ‘createRsaPubKeyObject’:
data_import.c:694:34: error: dereferencing pointer to incomplete type ‘RSA {aka 
struct rsa_st}’
  int  nLen = BN_num_bytes( a_pRsa->n );
  ^
Makefile:524: recipe for target 'data_import.o' failed

OpenSSL decided not to allow access to these fields anymore. At this
point, I have no idea on how to fix this.

Best regards,
Pierre

Bug#828577: The patch is upstream

2016-11-17 Thread Hon Ching(Vicky) Lo 
On Thu, 2016-11-17 at 16:29 -0500, Hon Ching(Vicky) Lo wrote:
> Hi
> 
> The patch is upstream:
> https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/
> 
> 
> Thanks,
> Vicky

The patch above is based off the latest code in tpm-tools 1.3.9.  Please
rebase to tpm-tools 1.3.9 to pick up the patch instead.  Thanks!

Vicky

Bug#828577: The patch is upstream

2016-11-17 Thread Hon Ching(Vicky) Lo 
Hi

The patch is upstream:
https://sourceforge.net/p/trousers/tpm-tools/ci/6fb8a3c5ad3bc6e62f6895a4fcf3540faa29b4f2/


Thanks,
Vicky